[RADIATOR] Problem No Handler for TTLS inner authentication
Augusto Cabrera
acabrera at etapa.net.ec
Thu Apr 21 22:22:32 CDT 2011
I have a problem with my radiator.cfg configuration, please help me. I have an authentication error:
Code: Access-Request
Identifier: 38
Authentic: <0><0><25><177><0><0>c<248><0><0>{<148><0><0><17><240>
Attributes:
User-Name = "@usbwimax"
NAS-IP-Address = 3.3.3.3
Calling-Station-Id = "5c4ca9e2b7dc"
NAS-Identifier = "WASN9770"
Event-Timestamp = 1303411496
EAP-Message = <2><24><0><192><21><0><23><3><1><0>
H WiMAX-Capability = <1><5>1.1<2><3><2><3><3><1><5><3><1><4><3><1>
WiMAX-BS-ID = 00000203f120
WiMAX-GMT-Timezone-Offset = -18000
NAS-Port-Type = Wireless-IEEE-802.16
WiMAX-PPAC = <1><6><0><0><0>c
Service-Type = Framed-User
Chargeable-User-Identity = ""
Message-Authenticator = <7>f<185><139><189>D<174><229><18>j<150><201>yZ<3><190>
Thu Apr 21 13:46:45 2011: DEBUG: Handling request with Handler 'NAS-IP-Address=3.3.3.3, Realm=usbwimax', Identifier 'AUTH-WIMAX'
Thu Apr 21 13:46:45 2011: DEBUG: Deleting session for @usbwimax, 3.3.3.3,
Thu Apr 21 13:46:45 2011: DEBUG: Handling with Radius::AuthSQL: AAA-SQL
Thu Apr 21 13:46:45 2011: DEBUG: Handling with Radius::AuthSQL: AAA-SQL
Thu Apr 21 13:46:45 2011: DEBUG: Query is: 'select reason from blacklist where nai='5c4ca9e2b7dc'':
Thu Apr 21 13:46:45 2011: DEBUG: Radius::AuthSQL looks for match with 5c4ca9e2b7dc [@usbwimax]
Thu Apr 21 13:46:45 2011: DEBUG: Radius::AuthSQL REJECT: No such user: 5c4ca9e2b7dc [@usbwimax]
Thu Apr 21 13:46:45 2011: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'':
Thu Apr 21 13:46:45 2011: DEBUG: AuthBy SQL result: ACCEPT, No such user
Thu Apr 21 13:46:45 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX
Thu Apr 21 13:46:45 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX
Thu Apr 21 13:46:45 2011: DEBUG: Handling with EAP: code 2, 24, 192, 21
Thu Apr 21 13:46:45 2011: DEBUG: Response type 21
Thu Apr 21 13:46:45 2011: DEBUG: EAP TTLS data, 3, 24, 23
Thu Apr 21 13:46:45 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: UNDEF
Identifier: UNDEF
Authentic: UNDEF
Attributes:
User-Name = "acabrera"
MS-CHAP-Challenge = ]t<156><132><145>x<247><24>){<201>u<249><22><199>*
MS-CHAP2-Response = y<0><22>j<195><199> <144><226>l<214><223>@<219><134><146><211><182><0><0><0><0><0><0><0><0>P<177><244><196>,T<246><182>YZ*(<26><229>S<182>|/jq<134><232>?<222>
Thu Apr 21 13:46:45 2011: DEBUG: EAP TTLS inner authentication request for acabrera
Thu Apr 21 13:46:45 2011: DEBUG: EAP result: 1, No Handler for TTLS inner authentication
Thu Apr 21 13:46:45 2011: DEBUG: AuthBy WIMAX result: REJECT, No Handler for TTLS inner authentication
Thu Apr 21 13:46:45 2011: INFO: Access rejected for 5c4ca9e2b7dc: No Handler for TTLS inner authentication
Thu Apr 21 13:46:45 2011: DEBUG: Packet dump:
My configuration is:
# Client definition
<Client 3.3.3.3>
Secret wimaxwimax
Identifier WIMAX
DupInterval 5
</Client>
<Client 10.0.5.10>
Secret secret
Identifier EVDO
DupInterval 0
</Client>
<AuthBy SQL>
Identifier AAA-SQL
# Details for accessing the SQL database that contains
# user/device passwords, Device-Sessions etc.
# This should match the username created in wimax.sql
DBSource dbi:mysql:wimax
DBUsername mikem
DBAuth fred
NoEAP
Blacklist
AuthenticateAttribute Calling-Station-Id
AuthSelect select reason from blacklist where nai=%0
</AuthBy>
<AuthBy WIMAX>
Identifier AAA-WIMAX
DBSource dbi:mysql:wimax
DBUsername mikem
DBAuth fred
# WiMAX is required to handle at least TTLS
# We can handle any type that generates MSK and EMSK
EAPType TTLS, TLS, PEAP, MSCHAP-V2, PSK, PAX, FAST, SIM, AKA
EAPTLS_CAFile /etc/ssl/cert1/Rootcacert.pem
EAPTLS_CertificateFile /etc/ssl/cert1/Servercert.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/ssl/cert1/Serverkey.pem
EAPTLS_PrivateKeyPassword 12345678
EAPTLS_MaxFragmentSize 1400
HAPassword mysecret
AccountingTable ACCOUNTING
AcctColumnDef STATUS_TYPE,Acct-Status-Type
AcctColumnDef WIMAX_BEGINNING_OF_SESSION,WiMAX-Beginning-Of-Session
AcctColumnDef SESSION_ID,Acct-Session-Id
AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address
AcctColumnDef NAI,User-Name
AcctColumnDef USER_NAME,Chargeable-User-Identity
AcctColumnDef STATION_ID,Calling-Station-Id
AcctColumnDef NAS_IDENTIFIER,NAS-Identifier
AcctColumnDef NAS_IP_ADDRESS,NAS-IP-Address
AcctColumnDef WiMAX_BS_ID,WiMAX-BS-ID
AcctColumnDef EVENT_TIMESTAMP,Event-Timestamp
AcctColumnDef HUAWEI_USER_PRIORITY,Huawei-User-Priority
AcctColumnDef SESSION_TIME,Acct-Session-Time
AcctColumnDef WIMAX_ACTIVE_TIME,WiMAX-Active-Time
AcctColumnDef INPUT_OCTETS,Acct-Input-Octets
AcctColumnDef OUTPUT_OCTETS,Acct-Output-Octets
AcctColumnDef TERMINATE_CAUSE,Acct-Terminate-Cause
</AuthBy>
<AuthBy RADMIN>
Identifier AAA-SQL-CDMA-EVDO
NoDefault
DefaultSimultaneousUse 1
CaseInsensitivePasswords
RejectEmptyPassword
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth radminpw
AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
MAXLOGINS,SERVICENAME, BADLOGINS, VALIDFROM,\
VALIDTO, CLASE, IMSI \
from RADUSERS where USERNAME=%0
# AuthColumnDef 0,Class,reply
AuthColumnDef IMSI,reply
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Event-Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,3GPP2-Correlation-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,Calling-Station-Id,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
# We control the user's maximum connection time according to the following schedule
# AddToReply Session-Timeout = "until Time"
</AuthBy>
# Handler for WIMAX
<Handler NAS-IP-Address=3.3.3.3, Realm=wimaxtest>
AuthByPolicy ContinueWhileAccept
AuthBy AAA-SQL
AuthBy AAA-WIMAX
Identifier AUTH-WIMAX
RejectHasReason
AccountingHandled
</Handler>
# Handler for WIMAX
<Handler NAS-IP-Address=3.3.3.3, Realm=usbwimax>
AuthByPolicy ContinueWhileAccept
AuthBy AAA-SQL
AuthBy AAA-WIMAX
Identifier AUTH-WIMAX
RejectHasReason
AccountingHandled
</Handler>
# Handler for EVDO
<Handler NAS-IP-Address="/10.0.5.12|10.0.5.14|10.0.5.16|10.0.5.10/", Realm=evdo.com>
AuthByPolicy ContinueWhileAccept
AuthBy AAA-SQL-CDMA-EVDO
Identifier AUTH-EVDO
RejectHasReason
AccountingHandled
</Handler>
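An added diagnostic sketch, not part of the original post and not Radiator code: it replays the outer and inner requests from the debug log against the three Handler lines from the posted configuration. The matching rules are a simplified model assumed for illustration (first Handler whose check items all match wins, values compare exactly or as /regex/, Realm is the part of User-Name after "@"); the inner request carries only what the tunnelled dump shows plus the TunnelledByTTLS=1 marker Radiator sets on requests recovered from a TTLS tunnel.

```python
import re

# Handler lines copied from the configuration in the post.
CONFIG = '''
<Handler NAS-IP-Address=3.3.3.3, Realm=wimaxtest>
<Handler NAS-IP-Address=3.3.3.3, Realm=usbwimax>
<Handler NAS-IP-Address="/10.0.5.12|10.0.5.14|10.0.5.16|10.0.5.10/", Realm=evdo.com>
'''

# Attributes taken from the two packet dumps in the post's debug log.
OUTER = {"User-Name": "@usbwimax", "NAS-IP-Address": "3.3.3.3"}
# Inner dump shows only User-Name (plus MS-CHAP data); the TunnelledByTTLS
# marker is added here as an assumption about how the inner request is tagged.
INNER = {"User-Name": "acabrera", "TunnelledByTTLS": "1"}

def parse_handlers(text):
    """Return [(label, {attr: expected})] for every <Handler ...> line."""
    handlers = []
    for m in re.finditer(r"<Handler\s*([^>]*)>", text):
        checks = {}
        for item in filter(None, (s.strip() for s in m.group(1).split(","))):
            attr, _, value = item.partition("=")
            checks[attr.strip()] = value.strip().strip('"')
        handlers.append((m.group(1).strip() or "(default)", checks))
    return handlers

def item_matches(attr, expected, request):
    """Simplified check-item comparison (assumed model, see lead-in)."""
    if attr == "Realm":
        actual = request.get("User-Name", "").partition("@")[2]
    else:
        actual = request.get(attr)
        if actual is None:
            return False
    if len(expected) > 1 and expected.startswith("/") and expected.endswith("/"):
        return re.search(expected[1:-1], actual) is not None
    return actual == expected

def select_handler(handlers, request):
    """Label of the first Handler whose check items all match, else None."""
    for label, checks in handlers:
        if all(item_matches(a, v, request) for a, v in checks.items()):
            return label
    return None

if __name__ == "__main__":
    handlers = parse_handlers(CONFIG)
    print("outer ->", select_handler(handlers, OUTER))
    print("inner ->", select_handler(handlers, INNER))
```

Under this model the outer request selects the same Handler the log names, while the realm-less inner identity selects none until a Handler keyed on TunnelledByTTLS=1 (or a default Handler) exists.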